In general, if you want to spoof an IP address, you have to have control of that address in order for you to get a reply. This is just due to the design of the TCP/IP protocol suite. You don't always care if the spoofed packets come back to you. Sometimes, you just want to flood the IDS with a bunch of random sources masking the actual port scan. A really stupid IDS will make it difficult for the operator to detect your port scan.

Idle scanning is useful for detection evasion. You don't actually need to receive the replies from your scans as long as you've identified a nice quiet host to spoof and you don't have to control that address either, but you will need access to it.

tturner - why do you need access to the idle host? I think you just need to have an open tcp port to use for the idle scan to increment the IP ID, but you don't need anything further. Or did I misunderstand and you meant access as being such?

I mean network access. Meaning you can't target a host behind a NAT'd firewall and use another spoofed host on that same network unless you can directly communicate with it. You absolutely do not need any kind of privileged access.
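The thread turns on one property of the idle host: its IP ID counter must advance by a fixed step per packet sent and by nothing else in between. Below is an added audit helper (not code from the thread or from any scanner) that a defender can run over IP ID values captured from a host's replies to judge whether that host's stack is predictable and quiet enough to be abused this way; the sample sequences are constructed.

```python
# Added audit helper: classify a host's IP ID generation from IDs observed in
# successive replies and flag hosts that could be abused as an idle-scan
# "zombie". Sample inputs below are constructed; in practice they would come
# from a packet capture of replies to your own probes of your own host.
# Mitigation for a flagged host is a stack that randomizes IP ID (the default
# on modern OSes) or ensuring the host is not reachable from untrusted networks.

def ipid_deltas(ids):
    """Differences between consecutive IP IDs, modulo the 16-bit field."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

def classify_ipid(ids):
    """Return 'constant', 'incremental', 'broken-incremental' or 'random'.

    incremental        : every delta is a small positive step (1..9)
    broken-incremental : every delta is a small multiple of 256 (a byte-swapped
                         counter, as on some older stacks)
    constant           : the ID never changes (e.g. always 0)
    random             : anything else
    """
    if len(ids) < 3:
        raise ValueError("need at least three samples")
    d = ipid_deltas(ids)
    if all(x == 0 for x in d):
        return "constant"
    if all(1 <= x <= 9 for x in d):
        return "incremental"
    if all(x % 256 == 0 and 256 <= x <= 9 * 256 for x in d):
        return "broken-incremental"
    return "random"

def zombie_exposure(ids):
    """A usable idle host needs a global per-packet counter AND no other
    traffic between probes (counter moves by exactly one step each time)."""
    scheme = classify_ipid(ids)
    step = {"incremental": 1, "broken-incremental": 256}.get(scheme)
    quiet = step is not None and all(x == step for x in ipid_deltas(ids))
    return {"scheme": scheme, "quiet": quiet, "exposed": quiet}

if __name__ == "__main__":
    samples = {                                   # constructed sequences
        "quiet-counter": [31337, 31338, 31339, 31340, 31341],
        "busy-counter": [1000, 1001, 1004, 1005, 1009],
        "byte-swapped": [256, 512, 768, 1024],
        "randomized": [5123, 60017, 9, 41233],
        "always-zero": [0, 0, 0, 0],
    }
    for name, ids in samples.items():
        print(name, zombie_exposure(ids))
```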